1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <sys/resource.h>
20 #include <sys/types.h>
21 
22 #include <optional>
23 #include <string>
24 #include <vector>
25 
26 #include <android-base/unique_fd.h>
27 #include <cutils/iosched_policy.h>
28 
29 #include "interprocess_fifo.h"
30 #include "mount_namespace.h"
31 #include "result.h"
32 
33 namespace android {
34 namespace init {
35 
// Status codes exchanged between parent and child by Service::Start().
// The underlying type is uint8_t, so each code occupies exactly one byte.  The values are
// written out explicitly because both ends of the channel must agree on them; they are the
// same values the implicit numbering produced.
enum ServiceCode : uint8_t {
    kActivatingCgroupsFailed = 0,
    kCgroupsActivated = 1,
    kSetSidFinished = 2,
};
42 
// Pairs an owned file descriptor with the name under which it is published to a service.
// The descriptor is held in an android::base::unique_fd, so a Descriptor is move-only and
// the FD is closed when the object goes away.
class Descriptor {
  public:
    // Copies |name| and takes ownership of |fd|.
    Descriptor(const std::string& name, android::base::unique_fd fd)
        : name_{name}, fd_{std::move(fd)} {}

    // Publish() clears FD_CLOEXEC on the FD and exports its name via setenv().  Call it only
    // when starting a service, after fork() and before exec().  Once close-on-exec is cleared
    // the FD survives exec(), so clearing it in the parent instead would leave the FD
    // inheritable by any process later forked from the parent and exec'd.
    void Publish() const;

  private:
    std::string name_;             // name exported by Publish()
    android::base::unique_fd fd_;  // owned descriptor
};
56 
// Describes one unix domain socket that Create() sets up for a service.
struct SocketDescriptor {
    std::string name;
    int type{0};
    // Owner, group and permission value all default to 0.
    // NOTE(review): presumably applied to the socket node by Create(); confirm against the
    // implementation that a descriptor with these fields left unset is rejected or harmless.
    uid_t uid{0};
    gid_t gid{0};
    int perm{0};
    // NOTE(review): presumably a security context for the socket, with |global_context|
    // passed to Create() as the fallback -- confirm.
    std::string context;
    bool passcred{false};
    bool listen{false};
    bool persist{false};

    // Create() creates the named unix domain socket in /dev/socket and returns a Descriptor
    // that owns it.  Call it when starting a service, before fork(): the socket then exists
    // synchronously before any other service that may depend on it is started.
    Result<Descriptor> Create(const std::string& global_context) const;
};
73 
// Describes a file for which Create() produces a Descriptor.
struct FileDescriptor {
    std::string name;
    // Stored as free-form text in this header.
    // NOTE(review): presumably the access mode for the file; confirm where the accepted
    // values are validated, since nothing here restricts them.
    std::string type;

    // Create() returns a Descriptor on success and an error Result otherwise.
    Result<Descriptor> Create() const;
};
80 
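// Namespace configuration consumed by EnterNamespaces().
struct NamespaceInfo {
    // Defaults to 0 so that a default-initialized NamespaceInfo never carries an indeterminate
    // flag word (the other descriptor structs in this header initialize their scalars too).
    // NOTE(review): presumably a mask of namespace flags -- confirm against EnterNamespaces().
    int flags = 0;
    // Pair of namespace type, path to name.
    std::vector<std::pair<int, std::string>> namespaces_to_enter;
};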
// Declared here, defined elsewhere.  Takes the namespace configuration in |info|, a |name|,
// and an optional mount namespace override.  Failure is reported through the returned
// Result<void>, so callers should check it.
// NOTE(review): |name| is presumably the service name used in error messages -- confirm.
Result<void> EnterNamespaces(
        const NamespaceInfo& info,
        const std::string& name,
        std::optional<MountNamespace> override_mount_namespace);
88 
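// Process-level attributes passed to SetProcessAttributes().
//
// Every scalar member has a default initializer, so a default-initialized ProcessAttributes
// never holds indeterminate values.  The defaults equal what value-initialization already
// produced, and the struct remains an aggregate.  Note that the default gid is 0.
struct ProcessAttributes {
    std::string console;
    IoSchedClass ioprio_class = IoSchedClass_NONE;
    int ioprio_pri = 0;
    // Pair of an int and the rlimit value.
    // NOTE(review): the int is presumably the RLIMIT_* resource id -- confirm.
    std::vector<std::pair<int, rlimit>> rlimits;
    // Empty when no uid was parsed; see uid() for the fallback.
    std::optional<uid_t> parsed_uid;
    gid_t gid = 0;
    std::vector<gid_t> supp_gids;
    int priority = 0;
    bool stdio_to_kmsg = false;

    // Returns the parsed uid, or 0 when none was parsed.  uid 0 is root, so "no uid given"
    // and "explicitly root" look the same through this accessor; code that must tell them
    // apart has to inspect parsed_uid directly.
    uid_t uid() const { return parsed_uid.value_or(0); }
};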
102 
// Returns true when |attr| names a console, i.e. its console string is non-empty.
inline bool RequiresConsole(const ProcessAttributes& attr) {
    const bool console_configured = !attr.console.empty();
    return console_configured;
}
106 
// Declared here, defined elsewhere.  Takes the attributes in |attr| and an InterprocessFifo by
// value; failure is reported through the returned Result<void>.
// NOTE(review): presumably applies |attr| to the calling process and uses |setsid_finished|
// to report that setsid() has completed (cf. kSetSidFinished) -- confirm.
Result<void> SetProcessAttributes(const ProcessAttributes& attr,
                                  InterprocessFifo setsid_finished);

// Declared here, defined elsewhere.  |files| is a non-const pointer, so the callee is able to
// modify the caller's list.
// NOTE(review): which pid is written, and whether the list is rewritten, is not visible in
// this header -- confirm.
Result<void> WritePidToFiles(std::vector<std::string>* files);
110 
111 }  // namespace init
112 }  // namespace android
113